https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586512#M258399 <HTML><HEAD></HEAD><BODY><P>Hello ,</P><P></P><P>You should add at the end of each authentication and authorization set "local"</P><P>Like this :</P><P></P><P>aaa authentication login default group TACSRV local<BR />aaa authorization config-commands default group TACSRV local<BR />aaa authorization commands default group TACSRV local</P><P></P><P></P><P></P><P>Dan</P></BODY></HTML> Wed, 29 Dec 2010 11:46:57 GMT Dan-Ciprian Cicioiu 2010-12-29T11:46:57Z https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586511#M258398 <P>Hi out there</P><P></P><P>I am trying to get the config right on our nexus switches to use our local ACS server for authentication and command authorization. I of course want to make yuse of a local user-database if the connection to the central ACS server fails. But I cannot get the syntax correctly - can some please see what I am doing wrong here - se here - I have defined this on my nexus 5020:</P><P></P><P>I have defined a tacacs+ group named TACSRV </P><P></P><P></P><P>aaa group server tacacs+ TACSRV</P><P>aaa authentication login default group TACSRV</P><P>aaa authentication login console local </P><P>aaa authorization commands default group TACSRV </P><P>aaa authentication login error-enable </P><P></P><P></P><P></P><P>how should it look to first ask the servers in TACSRV and if not succesfully the local database?</P><P></P><P>best regards /ti</P> Mon, 11 Mar 2019 00:40:44 GMT https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586511#M258398 tiwang 2019-03-11T00:40:44Z https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586512#M258399 <HTML><HEAD></HEAD><BODY><P>Hello ,</P><P></P><P>You should add at the end of each authentication and authorization set "local"</P><P>Like this :</P><P></P><P>aaa authentication login default group TACSRV local<BR />aaa authorization config-commands default group TACSRV local<BR />aaa authorization commands default group TACSRV local</P><P></P><P></P><P></P><P>Dan</P></BODY></HTML> Wed, 29 Dec 2010 11:46:57 GMT https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586512#M258399 Dan-Ciprian Cicioiu 2010-12-29T11:46:57Z https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586513#M258400 <HTML><HEAD></HEAD><BODY><P>hi out there</P><P>ok - too stupid - it is of course just the cli which doesn't show me the possibilty - the correct syntax is </P><P></P><P>aaa authorization commands default group TACSRV local</P><P></P><P>but - how can I use this command</P><P></P><P></P><P>aaa authorization commands <SPAN style="text-decoration: underline;">default</SPAN> group TACSRV local</P><P></P><P>Can I define a collection of commands which is not default? Or what is this keyword intended to be used for?</P><P></P><P></P></BODY></HTML> Wed, 29 Dec 2010 11:47:27 GMT https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586513#M258400 tiwang 2010-12-29T11:47:27Z https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586514#M258401 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>For now , as far as i now , there is no posibility to configure the level commands as on IOS</P><P>You have only :&nbsp; </P><P>&nbsp; commands&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Authorization for all exec-mode comamnds<BR />&nbsp; config-commands&nbsp; Authorization for config comamnds</P><P></P><P></P><P>Dan</P></BODY></HTML> Wed, 29 Dec 2010 11:50:13 GMT https://community.cisco.com/t5/network-access-control/aaa-problem-with-nexus/m-p/1586514#M258401 Dan-Ciprian Cicioiu 2010-12-29T11:50:13Z